There is a growing gap in security, visibility and control over individual accounts in businesses, both privileged and otherwise, according to a Centrify survey of more than 400 IT decision makers (ITDMs) in the United States and the United Kingdom.
The study found 59 percent of American ITDMs are sharing access credentials with other employees at least somewhat often, and another 52 percent share access at least somewhat often with contractors. In the United Kingdom, the numbers are 34 percent and 32 percent.
In addition, 53 percent of ITDMs in the United States say it would be at least somewhat easy for a former employee to still log in and access data.
In the United Kingdom, the number is 32 percent, and half of ITDMs overall say it can take up to a week or more to remove access to sensitive systems.
The study indicated that IT managers are sounding the alarms to little avail, with nearly half (48 percent) of U.S. and 30 percent of U.K. ITDMs having had to fight their organizations for stricter protocols, while 42 percent of U.S. and 27 percent of U.K. respondents said they have lost the battle for stricter protocols—even while 28 percent of U.S. and 40 percent of U.K. respondents said security isn't getting enough attention.
"I think ITDMs are very aware of the risks that today’s attackers pose to their business—but in many cases the products available just aren’t focused on today’s biggest threats," Chris Webber, director of product marketing for Centrify, told eWEEK. "The best firewalls in the world, or the most comprehensive antimalware solutions still don’t stop users employees from using simple, easily cracked passwords. Nor can they prevent users from falling victim to social engineering designed to harvest their credentials."
The survey also found 55 percent of American ITDMs said their organizations had been breached in the past, and 44 percent of U.S. companies had breaches that together cost millions of dollars.
On the other side of the pond, 45 percent of British ITDMs said their organizations had been breached in the past and more than a third (35 percent) of U.K. companies had breaches that together cost millions of dollars.
"A few years back we had hacktivist groups showing us where we were weak, and where the threats were going to come from," Webber said. "They were right on target, and continue to be. Attackers will continue to be pinpoint-focused on stealing and compromising employee credentials. We need to remember the lessons; employee credentials are the keys to the kingdom."
Webber said protecting them means taking a holistic look at how to eliminate shared passwords wherever possible, eliminate passwords with Security Assertion Markup Language (SAML) or other secure solutions, and implement multifactor authentication in the places passwords must remain.
"Those top three actions can do the most to put a stop to the domino effect of password theft leading to data breach, leading to more password theft and ever more breaches," he said.